H3C Small and Medium Enterprise Layer 2 Networking Configuration Case 1 (Single ISP + Single Link)
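1. Network topology

An enterprise is divided into four business departments. To isolate the departments from one another and control access between them, each department gets its own subnet: 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24 and 192.168.40.0/24. The core switch acts as the Layer 3 gateway and holds the VLANIF interface address of each subnet. Across the whole network, a DHCP server dynamically assigns the IP address, subnet mask, gateway and DNS information to terminals. The access switches connect downstream to terminals such as PCs and printers and upstream to the core switch to forward data. The egress router connects to the Internet through a fixed public IP address provided by the carrier and is configured with static routes and a NAT policy, so that intranet users can reach the Internet normally while egress bandwidth utilization and overall access speed improve, keeping the enterprise's office services stable, efficient and secure.

2. Configuration approach

The configuration approach for small and medium enterprise Layer 2 networking is as follows:

1. VLAN trunk configuration
2. VLANIF user gateway configuration
3. DHCP server configuration
4. Physical interface IP configuration
5. Static route configuration
6. NAT address translation configuration
7. SSH remote login configuration

3. Configuration steps

Step ① VLAN trunk configuration

1. Core switch VLAN trunk configuration.

```
vlan 10
vlan 20
vlan 30
vlan 40
vlan 200
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 200
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 30 40 200
```

2. Access switch 1 VLAN trunk configuration.

```
#
vlan 10
vlan 20
vlan 200
#
interface GigabitEthernet1/0/24
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 200
#
interface GigabitEthernet1/0/3
 port access vlan 10
interface GigabitEthernet1/0/4
 port access vlan 20
#
```

3. Access switch 3 VLAN trunk configuration.

```
#
vlan 30
vlan 40
vlan 200
#
interface GigabitEthernet1/0/24
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 30 40 200
#
interface GigabitEthernet1/0/4
 port access vlan 30
interface GigabitEthernet1/0/5
 port access vlan 40
#
```

Step ② VLANIF user gateway configuration

1. Core switch VLANIF user gateway configuration.

```
#
interface Vlan-interface10
 ip address 192.168.10.1 24
#
interface Vlan-interface20
 ip address 192.168.20.1 24
#
interface Vlan-interface30
 ip address 192.168.30.1 24
#
interface Vlan-interface40
 ip address 192.168.40.1 24
#
interface Vlan-interface200
 ip address 192.168.200.1 24
#
```

Step ③ DHCP server configuration

1. Core switch DHCP server address pool configuration.

```
#
dhcp enable
#
dhcp server ip-pool vlan10
 gateway-list 192.168.10.1
 network 192.168.10.0 24
 dns-list 114.114.114.114 223.5.5.5
 expired day 3
#
dhcp server ip-pool vlan20
 gateway-list 192.168.20.1
 network 192.168.20.0 24
 dns-list 114.114.114.114 223.5.5.5
 expired day 3
#
dhcp server ip-pool vlan30
 gateway-list 192.168.30.1
 network 192.168.30.0 24
 dns-list 114.114.114.114 223.5.5.5
 expired day 3
#
dhcp server ip-pool vlan40
 gateway-list 192.168.40.1
 network 192.168.40.0 24
 dns-list 114.114.114.114 223.5.5.5
 expired day 3
#
```

Step ④ Physical interface IP configuration

1. Egress router interface IP address configuration.

```
#
interface GigabitEthernet0/2
 ip address 113.140.95.246 30
#
interface GigabitEthernet0/1
 ip address 192.168.190.1 24
#
```

2. Core switch address configuration for the link to the egress router.

```
#
interface GigabitEthernet1/0/1
 port link-mode route
 ip address 192.168.190.254 24
#
```

Step ⑤ Static route configuration

1. On the egress router, configure the static routes that point to the core switch and the default route that points to the public network.

```
ip route-static 0.0.0.0 0 113.140.95.245
ip route-static 192.168.10.0 24 192.168.190.254
ip route-static 192.168.20.0 24 192.168.190.254
ip route-static 192.168.30.0 24 192.168.190.254
ip route-static 192.168.40.0 24 192.168.190.254
ip route-static 192.168.200.0 24 192.168.190.254
```

2. On the core switch, configure the default route that points to the egress router.

```
ip route-static 0.0.0.0 0 192.168.190.1
```

Step ⑥ NAT address translation configuration

1. Egress router ACL policy configuration.

```
# Each rule needs its own ID; a repeated ID would replace the earlier rule.
acl basic 2000
 rule 0 permit source 192.168.10.0 0.0.0.255
 rule 5 permit source 192.168.20.0 0.0.0.255
 rule 10 permit source 192.168.30.0 0.0.0.255
 rule 15 permit source 192.168.40.0 0.0.0.255
 rule 20 permit source 192.168.190.0 0.0.0.255
 rule 25 permit source 192.168.200.0 0.0.0.255
```

2. Apply the NAT policy on the outbound interface of the egress router so that the intranet can access the Internet normally.

```
interface GigabitEthernet0/2
 nat outbound 2000
```

Step ⑦ SSH remote login configuration

1. Management address configuration for the two access switches. The core switch's management VLANIF interface has already been configured, so it does not need to be configured again here.

```
# First access switch
interface Vlan-interface 200
 ip address 192.168.200.2 24
#
ip route-static 0.0.0.0 0 192.168.200.1
#
# Second access switch
interface Vlan-interface 200
 ip address 192.168.200.3 24
#
ip route-static 0.0.0.0 0 192.168.200.1
```

2. SSH remote login configuration for the egress router, core switch and access switches.

```
public-key local create rsa
public-key local create dsa
#
ssh server enable
ssh server authentication-retries 5
ssh user admin service-type stelnet authentication-type password
#
local-user admin
 # admin123 is this article's sample password; set a strong one on real devices.
 password simple admin123
 service-type ssh
 authorization-attribute user-role level-15
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
```

Note: The SSH remote login configuration on the other devices is similar and is not demonstrated here.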
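An added example, not part of the original article: a small Python check for two things that are easy to get wrong in steps ⑥ and ⑦, an ACL in which several rules share one rule ID (so the NAT ACL covers fewer subnets than intended) and passwords entered in cleartext form. It assumes that entering a rule with an existing ID replaces that rule; the sample config and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of steps 6 and 7: every ACL rule uses ID 0.
SAMPLE_CONFIG = """\
acl basic 2000
 rule 0 permit source 192.168.10.0 0.0.0.255
 rule 0 permit source 192.168.20.0 0.0.0.255
 rule 0 permit source 192.168.200.0 0.0.0.255
local-user admin
 password simple admin123
"""

ACL_RE = re.compile(r"^acl basic (\d+)$")
RULE_RE = re.compile(r"^rule (\d+) (permit|deny) source (\S+) (\S+)$")

def effective_acl(config):
    """Return {acl_id: {rule_id: (action, network)}} after replaying the config."""
    # Assumption: entering a rule with an existing ID replaces that rule.
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        acl, rule = ACL_RE.match(line), RULE_RE.match(line)
        if acl:
            current = acls.setdefault(int(acl.group(1)), {})
        elif rule and current is not None:
            rule_id, action, addr, wildcard = rule.groups()
            # ipaddress accepts the wildcard (host mask) form directly.
            current[int(rule_id)] = (action, ipaddress.ip_network(f"{addr}/{wildcard}"))
        elif not raw.startswith(" "):
            current = None  # an unindented line means we left the ACL view
    return acls

def nat_gaps(config, acl_id, expected):
    """Return the expected source networks that no permit rule covers."""
    rules = effective_acl(config).get(acl_id, {}).values()
    permitted = [net for action, net in rules if action == "permit"]
    return [n for n in expected
            if not any(ipaddress.ip_network(n).subnet_of(p) for p in permitted)]

def cleartext_passwords(config):
    """Return the lines that set a password in cleartext form."""
    return [l.strip() for l in config.splitlines()
            if l.strip().startswith("password simple ")]

if __name__ == "__main__":
    wanted = ["192.168.10.0/24", "192.168.20.0/24", "192.168.200.0/24"]
    print("not covered by ACL 2000:", nat_gaps(SAMPLE_CONFIG, 2000, wanted))
    print("cleartext passwords:", cleartext_passwords(SAMPLE_CONFIG))
```

Run it against a saved copy of the configuration before applying it to the egress router; an empty list from `nat_gaps` means every intended subnet is matched by a permit rule.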